About kkosiur

kkosiur · ‎03-15-2022

HI @venky1544 , this search returned the same error message again. I am running: index=publishing* |rex max_match=0 field=_raw "\'totalWordCount\':(?<totalWordCount>\d+)" |table totalWordCount

kkosiur · ‎03-14-2022

Hmm that search didnt work. It returned the error message 'Error in SearchOperator:rex': Usage: regex [field=<field>]<regex>. Unfortunately I have no control over how the data is ingested so it seems like I am stuck with rex

kkosiur · ‎03-14-2022

I'm trying to extract the total word count from field1 but am unable to find the correct solution. The format is: field1: {'totalWordCount': 44891, 'totalUsers':49, 'usUsers':20, 'publishers':18, 'articlesByCountry': {'CA':124, 'US':50, 'AUS':19, 'NZ':2}, 'publishersbyCountry':{'CA':124, 'US':50, 'AUS':19}} Theres much MUCH more to this field than I listed above but I am only interested in the total word count. Any idea how to extract this information? I've tried |rex field=field1 "'totalWordCount': * " but get an error message "The regex "totalWordCount':*' does not extract anything. It should specify at least one name group. Format: (?<name>...). Im still new to Splunk so bear with me!

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎03-14-2022

Online Status	Offline
Date Last Visited	‎03-17-2022 03:02 PM

How to extract wordcount from Array?

Re: How to extract wordcount from Array?

Re: How to extract wordcount from Array?

How to extract wordcount from Array?

Join the Conversation

How to extract wordcount from Array?

Re: How to extract wordcount from Array?

Re: How to extract wordcount from Array?

How to extract wordcount from Array?